This invention relates in general to selective call signalling systems and more particularly to a selective call signalling system that facilitates secure financial transactions over a wireless network to a single account portable wireless financial messaging unit.
In conventional selective call signaling systems, a user or originator may send a message to a subscriber unit (e.g., selective call receiver), the message comprising an address associated with the subscriber unit, and data. The data may be in one or more forms such as numeric digits representing a phone number, alphanumeric characters representing a readable text message, or possibly a multimedia message comprising audio and graphical information. Typically, this form of messaging was sufficient to convey information between individuals or services relating to their business, special interests, whereabouts, general scheduling, or time critical appointments. However, because of society""s increased need for information when a person is mobile, a solution must be found that allows an individual to perform personal or business transactions, as well as keeping informed of personal events, contacts, and business information.
Considering conventional wireless systems including both cellular and paging applications, there are significant problems that must be solved before reliable and private personal or business transactions can be implemented. Because of the advancement of the engineering sciences, particularly in the areas of wireless communications and computer science, it has become relatively easy for a xe2x80x9chackerxe2x80x9d to monitor both the address and data broadcast to the selective call receiver. This unwanted monitoring or eavesdropping poses a problem to potential users of wireless communication systems in that their personal data may be exposed to unauthorized individuals, thus creating an unnecessary risk for both parties if confidential information is broadcast. Moreover, if the information contains clear-text data representing a personal address, serial number, Personal Identification Number (PIN) or the like, an unscrupulous party monitoring the data stream could gain access to an individual""s personal accounts or pirate the address to clone an unauthorized communication device. The theft of service or confidential information in this manner is probably the most daunting issue facing communication equipment manufacturers and service providers today and in the future. The interest in securing data contained in broadcasts is especially keen in the area of electronic financial transactions. To expose for capture, the clear text data contained in a financial transaction invites, and will surely result, in a theft of funds or fraud against an individual.
Thus, what is needed is wireless messaging system that allows an originator to communicate a secure message between a subscriber unit and the originator; and authenticate the secure message, without exposing the content or meaning of the message.
Briefly, according to the invention, there is provided a method and apparatus for sending data comprising secure financial transactions over existing paging infrastructure equipment, using paging protocols such as FLEX(copyright), a registered trademark of Motorola, Inc., POCSAG (Post Office Code Standardisation Advisory Group), or the like.
A first aspect of the invention involves realizing hardware that implements a method for overlaying secure messaging on an existing paging infrastructure. The existing paging infrastructure comprises a paging terminal that includes a paging encoder for processing received messages and their corresponding destination requests. The paging terminal generates a messaging queue of selective call messages comprising the received messages and their corresponding selective call address(es), as determined from the corresponding destination requests. Distribution of the selective call messages in the messaging queue is handled by the paging terminal which dispatches messages to at least one base station (e.g., transmitter, antenna, and receiver) for communication between the base station and the subscriber unit(s) or pagers.
A second aspect of the invention involves the inclusion of a cryptographic engine in the,paging terminal for selectively ciphering, deciphering, signing, and verifying the authenticity of messages received from both an originator and from the subscriber unit or pager.
A third aspect of the invention involves the subscriber unit or pager that is equipped with a special security module that can process cryptographic information contained in the selective call messages to verify their authenticity extract the ciphered data, and return ciphered responses or acknowledgments as necessary, to authenticate and confirm reception of the secure message.
A fourth aspect of the invention involves the subscriber unit or pager being equipped with a primary and possibly a secondary apparatus for communicating both inbound and outbound messages. The primary apparatus comprises a conventional radio frequency receiver and optionally a conventional radio frequency transmitter. The secondary apparatus comprises an optical receiver and optionally an optical transmitter. Alternatively, the secondary apparatus may further comprise one or more acoustic or other electromagnetic transducers and associated circuitry implementing a uni- or bi-directional communication link between the subscriber unit or pager and the originator.
A fifth aspect of the invention involves the subscriber unit or pager including a single, predetermined account identifier corresponding with at-least one of an electronic cash or funds storage card, debit-card, credit card, or bank account.
A sixth aspect of the invention involves the subscriber unit or pager including multiple predetermined account identifiers corresponding with at least two of the following: electronic cash or funds storage card, debit card, credit card, or bank account.
A seventh aspect of the invention involves the cryptographic engine in the paging terminal and the security module in the subscriber unit or pager accommodating a plurality of cryptographic procedures. These cryptographic procedures comprise both private and public key systems, as appropriate. One such private key system is the Data Encryption Standard (DES) using the ANSI X3.92 DES algorithm in CBC mode. Similarly, a first public key system is RSA (invented by Rivest, Shamir, and Adleman), a cryptographic procedure based on sub-exponential one-way functions implemented using modulo n integer multiplication and exponentation. A second public key system uses elliptic curve technology, a cryptographic procedure based on highly non-linear exponential one-way functions implemented over finite fields.
An eight aspect of the invention involves initiating a wireless transaction from the subscriber unit or pager, the wireless transaction relating to at least one of the electronic cash or funds storage card, debit card, credit card, or bank account.
A ninth aspect of the invention involves a user selected personal identification number that is programmed into the subscriber unit or pager for protecting financial accounts or funds loaded in the subscriber unit or pager.
A tenth aspect of the invention involves a user selected personal identification number that is programmed into the Smart Card via the subscriber unit or pager, thus disabling access to any features of the protected Smart Card unless subsequently accessed or reprogrammed by the subscriber unit or pager.
An eleventh aspect of the invention involves authenticating the an authorized subscriber unit or pager as a communication agent for the wireless financial transaction, and selectively disallowing any financial transactions directed to accounts belonging to or controlled by the authorized subscriber unit or pager when an inbound or outbound financial transaction is communicated between an issuer and an unauthorized subscriber unit or pager, and in the alternative, preventing fund transfers or credit transactions that exceed a predetermined limit set either by an authorized user or a regulator such as a bank, a credit card issuer or the like.